Beyond 1984

Give My Data Back

Malte Spitz called and he wants his data back. Source: Michael Loewa/laif
Malte Spitz called and he wants his data back.
  • Why it matters

    Why it matters

    What the author found: Whether it involves a bank, telephone company or airline, once you hand over your data, you can never truly get it back.

  • Facts

    Facts

    • The right to receive information about personal data is anchored in Germany’s Federal Data Protection Act.
    • IT service providers like Amadeus say they don’t have to release information to individuals because they only process commissioned data.
    • But privacy is violated most when individual pieces of information are taken together and connected into profiles, the author says.
  • Audio

    Audio

  • Pdf

Ever since the mid-1990s, I have participated on Internet forums and chat-rooms. For a long time I never imagined that everywhere I went online, my data was being collected, stored and evaluated.

But my curiosity finally prompted me to undertake an expedition. I wanted to look at computing centers and data banks, to examine data from my mobile-phone provider and my health insurance company, from my local governmental office and my bank. I wanted to know, for instance, what information is stored by Lufthansa about my flights, by the German railway about my train travel, by credit-card companies about my purchases.

I wanted to find out whether we are already living in a Big Brother surveillance state.

My findings are incomplete. Various bits of my information are still slumbering in different systems, directly or indirectly connected to me. At a few places, I had to keep on digging for answers. Elsewhere, such as my banks, made it clear that they would not reveal anything more. A few gave no answers at all. The fact is, however, the right to receive information about personal data is anchored in Germany’s Federal Data Protection Act.

I wanted to find out whether we are already living in a Big Brother surveillance state.

Unfortunately, no institution has a simple, transparent and secure system for responding to this sort of inquiry and conforming to the law. For example, the possibility of authenticating yourself online is offered neither by a company nor by a public administration – even though the new personal identity card was introduced precisely to make that possible. The fact that I received data from my local government concerning another man also named Malte Spitz shows the urgent need for unambiguous and secure authentication procedures.

It was only at a few places, including credit agencies, that I received clear instructions on how I could acquire my digital information. Many companies, such as the customer service department of Air Berlin, seemed unable to cope with my request.

I learned the most about myself from my health insurance company.  Lufthansa and the German railway were also forthcoming with some information. Many institutions, however, consider providing information means just releasing basic data like name, address and their relationship to the customer. I likely would need a handful of lawyers, several thousand euros and many lawsuits to find all the information about me that’s being stored in various data banks.

We must take back control over technology, over the records and software that accompany and so strongly influence our lives.

I concentrated my attention on those areas where no other options are available. It is simply part of everyday life to make telephone calls, to consult doctors, use public transportation, have a bank account or take trips. But no matter how hard I tried, I was a long way from seeing everything that is stored about me. I don’t even know exactly who processes data about me – for example, the terminals for paying with debit or credit cards at supermarkets, in hotels and restaurants, at gas stations, bike shops and travel agencies.

I learned that my incomplete digital footprint is already frighteningly large. My explorations resulted in a brimming mailbox and a stuffed folder and several complicated exchanges of letters. If the stack of papers that my search created ever fell into someone else’s hands, they would learn a great deal about my lifestyle, my health and my finances. The list of medical services paid for by my health insurance company is evidence of accidents I long ago forgot. Taking a look at my mobile-phone data reveals where I went, when and how. The list of my travels provides indications of political activities and vacation preferences. And the fact of my taking part in a simple election-campaign is preserved, years later, in police files.

It is not one text message, transaction or stored bit of information that is the key – rather privacy is violated most when individual pieces of information are taken together and connected into profiles. Each tiny bit contributes, like a piece of a mosaic, to a comprehensive picture of my personality, a step toward becoming a “transparent person.”

Companies are storing more and more information, and government agencies demand access to this data with increasing frequency. A cartel is being created for the purpose of seeing into our lives. Businesses and government agencies work hand in hand, each with their own motives, but always with a common interest in collecting our data.

Here’s what I determined from my data expedition: Everybody ought to have the right to receive all their digital information, starting with every bank transaction, every telephone communication and every credit inquiry. Everybody should be able to see the algorithmic evaluations that computers compile about people. The same fundamental principle holds for the Internet. Everybody should be able to see whatever is stored about them by social networks, in online purchases, or when watching videos. And every individual should be able to erase that information.

The company Amadeus – which provides Internet technology for Lufthansa, Air Berlin, and for various other airlines and hotel chains – has yet to provide any clear information about data it has collected on me. The only explanation I received is that I was owed no information because Amadeus only processes commissioned data. Similar IT service providers work for banks and in healthcare. Such impenetrability cannot be permitted to continue.

We must take back control over technology, over the records and software that accompany and shape our lives. I want our children to grow up in a world where they can determine their own identities, where digital transformation promotes diversity instead of conformity and surveillance.

At this very moment, this future is being determined.

Will we retain power over our data? Or will be at the mercy of companies’ and governments’ insatiable hunger for that information?

 

German politician and member of the Green party who specialized in media policy, civil rights, economic policy and demography. He is also one of the few politicians in Germany that are experts on internet-related topics and are also recognized in the hacker community.

We hope you enjoyed this article

Make sure to sign up for our free newsletters too!